Crypto-related hacks declined sharply in February, but attackers are increasingly targeting users through phishing campaigns and malicious wallet approvals — a shift suggesting they are focusing more on exploiting human behavior than on vulnerabilities in smart contracts.

According to Nominis’ monthly report, roughly $49 million was lost to crypto-related exploits in February.

A single breach involving Step Finance, a portfolio dashboard and analytics platform built on the Solana blockchain, accounted for the bulk of the losses, with attackers draining approximately $30 million.

The February figure marks a steep decline from the $385 million stolen in January. While one month of data does not necessarily indicate a sustained trend, the drop suggests that large-scale protocol exploits were less prevalent during the period.

Social engineering attacks caused more cumulative damage than traditional smart contract exploits, Nominis said, with phishing campaigns increasing sharply during the month. These attacks typically trick users into interacting with malicious links or signing fraudulent transactions.

Private individuals were the most common victims, rather than centralized exchanges or decentralized finance protocols.

The most prevalent attack method was authorization abuse, in which victims unknowingly granted wallet permissions that allowed attackers to move funds from their accounts.

The figures broadly align with separate reporting from blockchain security company PeckShield, which estimated that February crypto exploits totaled $26.5 million, the lowest monthly losses since March 2025. PeckShield attributed the decline partly to stronger risk controls and improved security practices across the industry.

Related: South Korea sells $21.5M in recovered Bitcoin after custody breach

Crypto security improving, but major exploits persist

Hacks and scams have been a persistent feature of the cryptocurrency industry since its early days, though exchanges and security firms say defenses are gradually improving.

Crypto exchange Bybit recently reported that its fraud-prevention system blocked more than $300 million in unauthorized withdrawals during the final quarter of last year. The company said it flagged roughly 350 high-risk fraud addresses and prevented around 8,000 users from falling victim to potential scams.

Despite improvements in detection systems, large-scale attacks remain a major risk for the industry. According to Chainalysis, crypto hacks resulted in $3.4 billion in cumulative losses last year, underscoring the scale of the threat.

Related: Google uncovers iOS exploit kit used in crypto phishing attacks